This might not be the right place for a cool cargo add implementation, but something I've long wanted is for cargo add to check for typosquatting. Simplest way to do this is:
Keep an index of all published crates
When cargo add foobar is executed, check for typosquatting against the index. A naive approach would just be to check the string edit distance, but that could be refined. Reputation could be used as an additional heuristic, like "foo-bar looks similar to the more popular crate foobar, are you sure you want to add this dependency?"
It could be behind a config value and off by default to avoid breaking changes.